Cloud Computing Security Framework Based on Shared Responsibility Models

Abstract

In the present scenario, especially in the current pandemic situation, cloud computing enables new innovation in the IT industry and more than 90% of IT enterprises are migrating their services towards virtualization using cloud computing platforms. Organizations like manufacturing, automobiles, healthcare, and academic are also upgrading their infrastructure by using Internet of Things devices and sharing their valuable data and computing process with cloud computing service providers (CSPs). Although the cloud computing model is the most preferred for an internet-based computing platform and public domain deployment, it also increases cyber risk and the threat to cloud-hosted assets. This is because of outsourcing third-party cloud computing platforms to hosting by enterprising assets. In 2020, approximately 16 billion records were breached. However, according to researchers, 8.4 billion records had already been exposed in the first quarter of that year. As per the Varonis Report, on average only 5% of the folders of companies are protected properly. A recent study published by ETCISO in 2020 shows that the average data breach cost is $2 million in India. The security research firm recently revealed that more than 80% of the data breaches that occurred during the COVID-19 pandemic were either because of brute-force attacks or stolen credentials. In order to gain the maximum outcome from the advantages of a cloud computing platform, users rely on the cloud service providers for managing their data and IT services. So, for the smooth management of data and services of cloud users, CSPs are required for a strong cloud security framework. More than 50% of the market for cloud computing services is occupied by the top three CSPs: Amazon web services, Microsoft Azure, and Google cloud. This chapter presents a comprehensive analysis and the findings of a security framework related to top CSPs, and proposes a cloud security shared responsibility model and its application in various internet computing services like healthcare and e-governance.